You can use vSphere Certificate Manager to generate Certificate Signing Requests (CSRs). Submit those CSRs to your enterprise CA or to an external certificate authority for signing. You can use the signed certificates with the different supported certificate replacement processes.

About this task

You can use vSphere Certificate Manager to create the CSR.

If you prefer to create the CSR manually, the certificate that you send to be signed must meet the following requirements.

Key size: 2048 bits or more

PEM format. VMware supports PKCS8 and PKCS1 (RSA keys). When keys are added to VECS, they are converted to PKCS8

x509 version 3

If you are using custom certificates, the CA extension must be set to true for root certificates, and cert sign must be in the list of requirements.